import java.io.FileInputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Properties;

public class SimpleDatabase {
	
	static String userName;
	static String userPassword;
	static String databaseUrl;
	static Boolean loggedIn = false;
	static Boolean PreparedStmts = false;
	static Boolean EvilUser = false;
	
	public static void main(String[] args)	  {	
		try {
			Properties prop = new Properties();
			FileInputStream fis = new FileInputStream("config.xml");
			prop.loadFromXML(fis);
			
			userName = prop.getProperty("userName");
			userPassword = prop.getProperty("userPassword");
			databaseUrl = prop.getProperty("databaseUrl");
			
			PreparedStmts = Boolean.parseBoolean(prop.getProperty("preparedStmts"));
			EvilUser = Boolean.parseBoolean(prop.getProperty("evilUser"));
			if(Boolean.parseBoolean(prop.getProperty("multipleQueries"))){
				databaseUrl = databaseUrl + "?allowMultiQueries=true";
			}
			else{
				databaseUrl = databaseUrl + "?allowMultiQueries=false";
			}
			
			System.out.println("\n Connecting...");
		
			Class.forName("com.mysql.jdbc.Driver").newInstance();
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		if (args.length >= 2)
        {
			login(args[0], args[1]);
        }
		else{
			reset();
		}
	}
	
	public static void reset(){
		ResultSet rs;
		String sql;
		
		try {
			Connection conn = DriverManager.getConnection (databaseUrl, userName, userPassword);
			
			System.out.println("\n Connected!");
			
			Statement stmt = conn.createStatement();
			
			sql = "DELETE FROM user";
			stmt.executeUpdate(sql);
			sql = "INSERT INTO user (name, password) VALUES ('hans', 'fassd8adfw9')";
			stmt.executeUpdate(sql);
			sql = "INSERT INTO user (name, password) VALUES ('gustav', 'savs09sf9asa9s')";
			stmt.executeUpdate(sql);

			sql = "SELECT * FROM mysql.user WHERE user='evil'";
			rs = stmt.executeQuery(sql);
			if (rs != null && rs.next()) {
				sql = "DELETE FROM mysql.user WHERE user='evil'";
				stmt.executeUpdate(sql);
			}
			
			conn.close();
			System.out.println("\n Database reset");
		}catch (Exception e) {
			e.printStackTrace();
		}
	}
	
	public static void login(String username, String password){
		ResultSet rs;
		String sql;
		
		try {
			if(EvilUser){
				userName = "evil";
				userPassword = "evilPass";
			}
			
			Connection conn = DriverManager.getConnection (databaseUrl, userName, userPassword);
			
			System.out.println("\n Connected!");
			
			if(PreparedStmts){
				sql = "SELECT * FROM User WHERE name = ? and password = ?";
				PreparedStatement prepStmt = conn.prepareStatement(sql);
				prepStmt.setString(1, username);
				prepStmt.setString(2, password);
				rs = prepStmt.executeQuery();
				
			}
			else{
				sql = "select * from user where name='" + username +"' and password='" + password + "'";
				Statement stmt = conn.createStatement();
				rs = stmt.executeQuery(sql);
			}
			if (rs.next()) {
				loggedIn = true;
				System.out.println("Successfully logged in");
			} else {
				System.out.println("Username and/or password not recognized");
			}
			conn.close();
		}catch (Exception e) {
			e.printStackTrace();
		}
	}
}
